howto setup Fast CGI Authorizer?? strange errors

Discussion in 'General' started by nikss, Jan 13, 2010.

  1. nikss

    nikss New Member

    I am using 4.0.12. No matter where I place the authorizer file, and no matter whether it is a bash wrapper, PHP or Perl FCGI, I am still getting this in the error logs:

    Can not find handler with type: 7, name: $VH_NAME_authorizer.
    Can not find External Application: $VH_NAME_authorizer, type: fcgiauth

    and authentication is not working

    What am I doing wrong??
  2. NiteWave

    NiteWave Administrator

    You need to define a "Fast CGI Authorizer" External App.

    here is an example:
    Code:
    #!/usr/bin/perl
    use FCGI;
    while (FCGI::accept >= 0)
    {
        if( $ENV{'REMOTE_USER' } eq "foo" &&
            $ENV{'REMOTE_PASSWD'} eq "bar" )
        {
            print( "Status: 200\n\n" );
        }
        else
        {
            print( "Status: 401\n\n" );
            print( "WWW-Authenticate: basic realm=\"foo\"\n\n" );
        }
    }
    (source: http://support.zeus.com/zws/examples/2005/12/16/simple_auth_with_fastcgi)

    Save the above file as (for example) /usr/local/lsws/fcgi-bin/fcgiauth.pl
    Define a "Fast CGI Authorizer" External App pointing to it.

    Then in Virtual Hosts -> Context, define a context (Servlet, Fast CGI, Proxy, Redirect, etc.). There is an "Authorizer" option where you can select the "Fast CGI Authorizer" External App just defined.
  3. nikss

    nikss New Member

    Hmm, I did exactly what you said before
    and I get this error.

    I am creating the Fast CGI Authorizer in a vhost template.

    I also turned on the highest level of error logging, but nothing besides

    Can not find handler with type: 7, name: $VH_NAME_authorizerpl
    Can not find External Application: $VH_NAME_authorizerpl, type: fcgiauth

    gets logged.

    Below is an excerpt from the vhost template:

    <extProcessor>
    <type>fcgiauth</type>
    <name>$VH_NAME_authorizerpl</name>
    <address>uds://tmp/lshttpd/$VH_NAME_authorizerpl.sock</address>
    <note></note>
    <maxConns>20</maxConns>
    <initTimeout>20</initTimeout>
    <retryTimeout>20</retryTimeout>
    <persistConn></persistConn>
    <pcKeepAliveTimeout></pcKeepAliveTimeout>
    <respBuffer>0</respBuffer>
    <autoStart>1</autoStart>
    <path>/usr/local/lsws/fcgi-bin/authorizer.pl</path>
    <backlog>10</backlog>
    <instances>5</instances>
    <extUser></extUser>
    <extGroup></extGroup>
    <runOnStartUp></runOnStartUp>
    <extMaxIdleTime></extMaxIdleTime>
    <priority></priority>
    <memSoftLimit></memSoftLimit>
    <memHardLimit></memHardLimit>
    <procSoftLimit></procSoftLimit>
    <procHardLimit></procHardLimit>
    </extProcessor>
    </extProcessorList>
  4. NiteWave

    NiteWave Administrator

    here's my working example:

    <extProcessor>
    <type>fcgiauth</type>
    <name>fcgiauth</name>
    <address>uds://tmp/lshttpd/fcgiauth.sock</address>
    <note></note>
    <maxConns>10</maxConns>
    <initTimeout>20</initTimeout>
    <retryTimeout>0</retryTimeout>
    <persistConn>1</persistConn>
    <pcKeepAliveTimeout>60</pcKeepAliveTimeout>
    <respBuffer>0</respBuffer>
    <autoStart>1</autoStart>
    <path>$SERVER_ROOT/fcgi-bin/fcgiauth.pl</path>
    <backlog>10</backlog>
    <instances>10</instances>
    <extUser></extUser>
    <extGroup></extGroup>
    <runOnStartUp>0</runOnStartUp>
    <extMaxIdleTime>60</extMaxIdleTime>
    <priority></priority>
    <memSoftLimit></memSoftLimit>
    <memHardLimit></memHardLimit>
    <procSoftLimit></procSoftLimit>
    <procHardLimit></procHardLimit>
    </extProcessor>

    But I can't find any difference. :confused:
  5. nikss

    nikss New Member

    Which version of LiteSpeed? Mine is 4.0.12 Std., platform Debian Etch.

    I found out that:
    1. Due to the VH_NAME naming convention (required in the web admin when you configure fcgiauth), the authorizer does not work at all in virtual host templates.
    2. On a single vhost I am getting something like this in the error logs:

    2010-01-14 15:19:00.042 [INFO] [xxx] ExtConn timed out while processing.
    2010-01-14 15:19:00.042 [INFO] [xxx] connection to [/tmp/lshttpd/fcgiauth2.sock] on request #0, confirmed, 0, associated process: -1, running: 0, error: Connection timed out!
    2010-01-14 15:19:00.042 [NOTICE] [xxx] Suspicious request timeout, associated process: -1, running: 0.
    2010-01-14 15:19:00.042 [NOTICE] [xxx] Max retries has been reached, 503!
    2010-01-14 15:19:00.042 [NOTICE] [xxx] oops! 503 Service Unavailable

    and a 503 error pops up.
    Last edited: Jan 14, 2010
  6. mistwang

    mistwang LiteSpeed Staff

    Looks like your fastcgi does not run. Can you start it from command line?
  7. nikss

    nikss New Member

    Of course - it is working from the command line: the Perl, PHP and bash versions of the authorizer.

    To ease debugging (and learning) I tried to log from the authorizer too, but it never writes anything.
  8. NiteWave

    NiteWave Administrator

    I installed 4.0.12 Std and tested on a single vhost with your settings; it looks like it is working as well. Just one warning:

    So change instances=20 to match the max connections.

    What's the "context" definition when you test the authorizer?
  9. nikss

    nikss New Member

    I turned on the debug error log at the server level (my stupid mistake) and found
    premature.... in the Perl example.

    I fixed the script (added header lines) and the authorizer popped up with the access window,

    but then whatever I type, it always returns 401,
    e.g.
    user=foo
    pass=bar

    as if $ENV{'REMOTE_USER'}
    $ENV{'REMOTE_PASSWD'}
    don't exist.

    Below is the modified script:

    #!/usr/bin/perl

    use FCGI;

    while (FCGI::accept >= 0)
    {
        if( $ENV{'REMOTE_USER'} eq "foo" && $ENV{'REMOTE_PASSWD'} eq "bar" )
        {
            print( "Status: 200\r\n" );
            print( "\r\n");
        }
        else
        {
            print( "Status: 401\n" );
            print( "WWW-Authenticate: basic realm=\"foo22\"\r\n" );
            print( "\r\n");
        }
    }
  10. mistwang

    mistwang LiteSpeed Staff

    REMOTE_PASSWD is not available, you have to get it from HTTP_AUTHENTICATION
  11. nikss

    nikss New Member

    In the examples there is no such ENV variable.

    I printed the ENVs to a file and the only interesting ones I get are:

    FCGI_ROLE="AUTHORIZER"
    HTTP_AUTHORIZATION="Basic Zm9vOg=="

    No USER or PASSWD name.
    I found in the forum that it should be easy, but I think that it is not working at all.
    Can anybody confirm a working authorizer in LiteSpeed?

    I lost 1 week trying to get auth, with no results.
    Is there any other way to authorize users with a MySQL DB in LiteSpeed?


    OK, I found out that after proper decoding of HTTP_AUTHORIZATION it finally works.
    I still have no idea why VH_NAME gives errors in the vhost template,
    so I will try simply editing the XML conf file by hand, and maybe it will start to work.
    Last edited: Jan 18, 2010
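
The fix described in the last post, decoding HTTP_AUTHORIZATION inside the authorizer instead of reading REMOTE_PASSWD, as an added example that is not code from the thread. It assumes Basic authentication; `%USERS`, `parse_basic_auth`, `secure_eq` and `authorized` are hypothetical names, and the plaintext table stands in for a database lookup against password hashes.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use FCGI;
use MIME::Base64 qw(decode_base64);

# Constructed sample account. A real deployment would query a database
# and verify a password hash instead of comparing plaintext.
my %USERS = ( foo => 'bar' );

# Return (user, password) from a Basic Authorization header, or an empty
# list if the header is missing or malformed.
sub parse_basic_auth {
    my ($header) = @_;
    return unless defined $header;
    my ($b64) = $header =~ m{^\s*Basic\s+([A-Za-z0-9+/]+={0,2})\s*\z}i
        or return;
    # Split on the first colon only: the password may contain ':'.
    my ($user, $pass) = split /:/, decode_base64($b64), 2;
    return unless defined($pass) && length($user);
    return ($user, $pass);
}

# Compare two strings without stopping at the first differing byte.
sub secure_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1))
        for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

sub authorized {
    my ($user, $pass) = parse_basic_auth($_[0]) or return 0;
    my $expected = $USERS{$user};
    return (defined($expected) && secure_eq($pass, $expected)) ? 1 : 0;
}

# "Basic Zm9vOg==" from the thread decodes to "foo:" (empty password),
# so it is rejected; "Basic Zm9vOmJhcg==" ("foo:bar") is accepted.
while (FCGI::accept() >= 0) {
    if (authorized($ENV{HTTP_AUTHORIZATION})) {
        print "Status: 200\r\n\r\n";
    } else {
        print "Status: 401\r\n",
              "WWW-Authenticate: Basic realm=\"foo\"\r\n\r\n";
    }
}
```

Both header lines of the 401 response are sent before the blank line that ends the header block, so the WWW-Authenticate challenge reaches the browser as a header.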
